CVE-2024-44024: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in NicheAddons Medical Addon for Elementor plugin versions up to 1.6.3. The vulnerability was identified on September 24, 2024, and was assigned CVE-2024-44024. This security issue affects the WordPress plugin Medical Addon for Elementor and allows authenticated users with contributor-level access or higher to perform XSS attacks (WPScan, Patchstack).

The vulnerability stems from insufficient input sanitization and output escaping in the Medical Addon for Elementor plugin. It has been classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) and received a CVSS 3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. The vulnerability requires an authenticated user with contributor-level privileges to exploit (NVD).

When exploited, this vulnerability allows attackers to inject arbitrary web scripts into pages that will execute whenever a user accesses the injected content. This can lead to potential data theft, session hijacking, or other malicious actions performed in the context of the visiting user's browser (WPScan).

As of the current date, there is no known official fix available for this vulnerability. Website administrators using the affected plugin versions should consider implementing additional access controls and monitoring for suspicious activities (WPScan).